There are so many ways to identify a social engineering attack to evade an attacker, below are a few and most prominent ways.
- An Email, Text or Phone call asking for immediate assistance
- An Email, Text or Phone call asking you to donate to a charitable cause.
- An Email, Text or Phone call asking you to “verify” your information
- An Email, Text or Phone call responding to a question you didn’t ask
Asking for immediate assistance
Attackers will use language that instills a sense of urgency and emotional tactics on their victims to try to pressure the victim to rush into action without thinking about it. If someone asks you to make an urgent to your BVN number or bank details via a link sent to your mail, you should slow down and ensure that the transaction you’ll be conducting is legitimate.
Asking to donate to a charitable cause
Social engineers will exploit our generosity with phony requests for donations to charitable causes which includes payment instructions on how to send money to the hacker.
By researching you on social media, a social engineer can figure out what charitable causes, disaster relief efforts, or political campaigns that you are likely to support. They will use this information to craft messages aligned with your ideals.
Asking to verify your information
Another approach social engineers will take is presenting a problem that can only be resolved by you verifying your information. Included in their message will be a link that brings you to a form to provide your information.
These messages and forms can look legitimate with the right logos and branding, which can lull you into believing the sender and the message are legitimate.
An example will be getting a mail from an attacker asking you to update or verify you banking information. This is mostly done through Phishing & Vishing.
Responding to a question you didn’t ask
Social engineers will pose as s customer service agent from your bank and send you a message “responding” to a request for help. Though you never sent a request for help, you might decide that since you already have a rep contacting you, this would be an opportune time to receive support for an issue you’ve been experiencing.
Inevitably the attacker will request specific information from you to “authenticate your identity.” In reality, they’re just stealing your information.
Stay Safe Online
- Machine Learning: Its Role in Cybersecurity - July 12, 2022
- The Deepfake Technology: A Rising Cybersecurity Threat - July 3, 2022
- Crypto is Cybercrime’s Currency of Choice - June 26, 2022
3 Responses